Hello,

I'm trying to use LDAP for authentication and authorization but it doesn't work. So I need your help... thanks in advance!

My realm (in server.xml) seems to work because I can see in my logs that Slide uses the "propfind" method (I use the command-line client for my tests). Slide wouldn't do it if the authentication had failed. Unfortunately I get "forbidden" for the authorization.

Could you explain to me what the main things to do are in order to get the values of "group-member-set" in LDAP? Until now I have tried to change the domain.xml. I have done a scope for /roles and a new store for the roles. Is there anything else to do? In another file, for example, or lower in the file domain.xml...

Here are a few little questions:

- Do I have to use an LDAP store for my users too, or is the realm enough?
- Do I have to create a resource for LDAP in server.xml?
- Do I have to create a root user in LDAP? I mean: would it work if I don't do it?
- What is the element that concerns the group-member-set? (nodestore? securitystore?)
- If I want to use LDAP to store the metadata from a file, do I have to manually create each attribute in LDAP? Or maybe the LDAP store is only used as a read-only "database"?
- Is it possible for Slide to run without any files in /users and /roles? For example, if I have a group called "mygroup" in LDAP, do I necessarily need a file mygroup.def.xml inside /roles?
- If not, is it possible to use a role-link (web.xml) to be able to create a group called mygroup in LDAP corresponding to a role called "myrole" in Slide? My groups in LDAP have a special char ":" so Slide can't create the roles' files. The role-link works for authentication but that's maybe a reason for my problems...
- Last question: how can I log the JNDI authorization process? I have the logs for authentication (realm) but I don't know how to get the same kinds of logs for the authorization... it could help.

Have a nice day and good work!

Yizashi Student
